fix: handle active storage preview error for password protected pdfs (#11888)

Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
2025-11-01 11:37:58 +00:00 · 2025-08-11 12:41:37 +05:30
parent f3bc2476fc
commit 6cab741392
4 changed files with 28 additions and 6 deletions
--- a/app/controllers/slack_uploads_controller.rb
+++ b/app/controllers/slack_uploads_controller.rb
@@ -17,7 +17,12 @@ class SlackUploadsController < ApplicationController
  end

  def blob_url
-    url_for(@blob.representation(resize_to_fill: [250, nil]))
+    # Only generate representations for images
+    if @blob.content_type.start_with?('image/')
+      url_for(@blob.representation(resize_to_fill: [250, nil]))
+    else
+      url_for(@blob)
+    end
  end

  def avatar_url
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
@@ -60,11 +60,9 @@ class Attachment < ApplicationRecord
  end

  def thumb_url
-    if file.attached? && file.representable?
-      url_for(file.representation(resize_to_fill: [250, nil]))
-    else
-      ''
-    end
+    return '' unless file.attached? && image?
+
+    url_for(file.representation(resize_to_fill: [250, nil]))
  end

  def with_attached_file?
--- a/config/application.rb
+++ b/config/application.rb
@@ -61,6 +61,9 @@ module Chatwoot
    # https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
    # FIX ME : fixes breakage of installation config. we need to migrate.
    config.active_record.yaml_column_permitted_classes = [ActiveSupport::HashWithIndifferentAccess]
+
+    # Disable PDF/video preview generation as we don't use them
+    config.active_storage.previewers = []
  end

  def self.config
--- a/spec/models/attachment_spec.rb
+++ b/spec/models/attachment_spec.rb
@@ -68,6 +68,22 @@ RSpec.describe Attachment do
    end
  end

+  describe 'thumb_url' do
+    it 'returns empty string for non-image attachments' do
+      attachment = message.attachments.new(account_id: message.account_id, file_type: :file)
+      attachment.file.attach(io: StringIO.new('fake pdf'), filename: 'test.pdf', content_type: 'application/pdf')
+
+      expect(attachment.thumb_url).to eq('')
+    end
+
+    it 'generates thumb_url for image attachments' do
+      attachment = message.attachments.create!(account_id: message.account_id, file_type: :image)
+      attachment.file.attach(io: StringIO.new('fake image'), filename: 'test.jpg', content_type: 'image/jpeg')
+
+      expect(attachment.thumb_url).to be_present
+    end
+  end
+
  describe 'meta data handling' do
    let(:message) { create(:message) }